Reblaze Part of Link11
v5
v5v2.20.4v2.20.2v2.20v2.18v2.16v2.14v2.12v2 Release NotesMobile SDK v2.3.0Mobile SDK v2.2.x
v5
v5v2.20.4v2.20.2v2.20v2.18v2.16v2.14v2.12v2 Release NotesMobile SDK v2.3.0Mobile SDK v2.2.x
  • Reblaze Documentation
  • Release Notes
  • Known Issues
  • User Guide
    • Introduction to Link11 WAAP
  • How Link11 WAAP Works
    • Traffic Filtering Process
    • Traffic Reporting and Analytics
    • Policy Mapping and Traffic Routing
    • Tagging
    • UI Overview and Common Elements
  • Console UI Walkthrough
    • Analytics
      • Dashboard
      • Events Log
    • Security
      • Global Filters
      • Flow Control Policies
      • Security Policies
      • Rate Limit Rules
      • ACL Profiles
      • Actions
      • Dynamic Rules
      • Quarantined
      • Content Filter
        • Content Filter Profiles
        • Content Filter Rules
    • Sites
      • Server Groups
      • Proxy Templates
      • Mobile Application Groups
      • Backend Services
      • Edge Functions
      • DNS Records
      • SSL
        • Load Balancers
        • Certificates
    • System
      • Interactive Challenge
      • SSO Configuration
      • Purge CDN Cache
      • Users Management
      • Security Alerts
      • Log Exporters
      • Version Control
      • System DB
      • Publish Changes
    • Account
  • Using the product
    • Best Practices
      • Saving and Publishing Your Changes
      • Enabling Passive Challenges
      • Understanding and Diagnosing Traffic Issues
    • How Do I...
      • Authenticate mobile app users
      • Ban, unban, and allowlist traffic sources
      • Bypass Link11 WAAP for loadtesting or other purposes
      • Configure a new path/section of a site
      • Control caching behavior
      • Enable GraphQL traffic
      • Enable mTLS (mutual TLS)
      • Protect sensitive information in logs and analytics
      • Quickly block an attacker
      • Redirect or block HTTP traffic
      • Run custom code
      • Set rate limits and exemptions
      • Stream event data to a SIEM solution or other destination
    • The Link11 WAAP API
      • Overview
      • Internal data structures
      • Using Swagger UI
      • Using curl
  • Reference Information
    • Acronyms
    • API
      • API access to traffic data
      • Types of namespaces
      • Namespace reference
        • ACL Profiles
        • Actions
        • Backend Services
        • Certificates
        • Configs
        • Content Filter Profiles
        • Content Filter Rules
        • Data queries
        • Dynamic Rules
        • Edge Functions
        • Flow Control Policies
        • Global Filters
        • Load Balancers
        • Log Exporters
        • Mobile Application Groups
        • Planets
        • Proxy Templates
        • Rate Limit Rules
        • Security Alerts
        • Security Policies
        • Server Groups
        • Tags
        • Tools
        • Users
    • Hostile Bot Detection / LWCSI
      • Environmental detection and browser verification
      • Client authentication
      • Biometric behavioral verification
    • HTTP Response Codes
    • Log Exporter Output
    • Pattern Matching Syntax
    • Query Filter Syntax and Best Practices
  • Support
Powered by GitBook
On this page
  • Overview
  • Server Certificates versus CA Certificates
  • Administration (for both types)
  • Generating a Certificate
  • Editing/Configuring a Certificate
  • Editable parameters and controls

Was this helpful?

Export as PDF
  1. Console UI Walkthrough
  2. Sites
  3. SSL

Certificates

Administration of SSL certificates

PreviousLoad BalancersNextSystem

Last updated 3 days ago

Was this helpful?

Overview

This section allows you to manage your SSL Certificates. There are two types of certificates, each in its own tab: Server and CA.

Server Certificates versus CA Certificates

Server Certificates can be attached to Load Balancers, or to domains via Server Groups.

CA Certificates are used for mTLS connections between clients and Link11 WAAP. More information about how L11WAAP supports mTLS is here: How do I enable mTLS.

In the current version, mTLS is available when using AWS NLB (Network Load Balancing). If you are not using NLB, the CA Certificates tab will not appear in the interface.

Administration (for both types)

The list of currently defined Certificates is displayed in each tab. From here, new certificates can be generated, or existing ones can be edited.

When adding new certificates, publishing your changes is necessary to make the new certificates available for use in the system.

Both types of certificates are administered using the same procedures, described below.

Generating a Certificate

Selecting the + New button displays the Generate certificate dialog:

Certificates can be added manually, or L11WAAP can parse a PFX file.

Editing/Configuring a Certificate

When an existing Certificate is edited, the Edit Certificate dialog appears:

Editable parameters and controls

Auto Replacement by Let's Encrypt

Let's Encrypt is a free certificate authority service. L11WAAP integrates with it, and offers this service by default.

Once a day, L11WAAP will check each application it protects. If that application's certificate is going to expire in the coming week, and its Auto Replacement by Let's Encrypt option for that certificate is enabled, L11WAAP will generate a new certificate using Let's Encrypt, and will attach all of its sites to the new certificate.

Attach To Application

This tab includes a list of Server Groups. Selecting one will connect this Certificate to it.

Replace Existing Certificate

This tab includes a list of Certificates defined within the system. Selecting one and then clicking Save will result in all sites/applications being transferred from the selected Certificate over to the Certificate you're currently editing.

Download PFX

This will download the certificate information as a file in PFX format.